cert generation fix
@@ -17,10 +17,12 @@ TIP: you could simply run [./pre-req-check.sh](./pre-req-check.sh) which perform
|
||||
|
||||
## Install
|
||||
Run [install.sh](./install.sh), This script performs pre-requisite check, prompts you through required application properties and finally performs `docker-compose up -d`.
|
||||
Note: For most cases where no external integration required. The defaults properties are just fine.
|
||||
For most cases where no external integration required. The defaults properties are just fine.
|
||||
```
|
||||
./install.sh
|
||||
sudo ./install.sh
|
||||
```
|
||||
Note: sudo is required for docker to run unless you have configured docker user to be part of sudoers. If sudo is not used then you will get error `('Connection aborted.', PermissionError(13, 'Permission denied'))`
|
||||
|
||||
* At this point, your installation is completed and you should be able to access your nocodb instance *
|
||||
|
||||
### An example output will be like below.
|
||||
|
||||
@@ -10,16 +10,16 @@ To restart individual containers with name ( names: nocodb, nginx, postgres, re
|
||||
ex: to restart nginx\
|
||||
``` docker compose restart nginx ```
|
||||
|
||||
## reload nginx
|
||||
## Reload nginx
|
||||
use utility script at [./bin/nginx_reload.sh](./bin/nginx_reload.sh)
|
||||
|
||||
## Upgrade nocodb instance
|
||||
## [TBD] Upgrade nocodb instance
|
||||
|
||||
## Enable SSL
|
||||
To enable SSL for incoming https requests, nginx should be configured with combination of a public certificate and a private key. The SSL private key is kept secret on the server. It will be used to encrypt content sent to clients.
|
||||
Below are different approaches to get and configure certificates. Make your choice
|
||||
### letsencrypt for generating certificates
|
||||
Certificates/key can be obtained by trusted CA (Certificate Authorities), there are many paid vendors found online or you can also use [letsencrypt](https://letsencrypt.org/) a non profit certificate provider for free however we recommend [https://www.abetterinternet.org/donate/](donate) for their service.
|
||||
Certificates/key can be obtained by trusted CA (Certificate Authorities), there are many paid vendors found online or you can also use [letsencrypt](https://letsencrypt.org/) a non profit certificate provider for free however we recommend [donating](https://www.abetterinternet.org/donate/) for their service.
|
||||
|
||||
### [TBD] Bring your own certificates
|
||||
If you already have the certificates, either self signed or generated by any other means, you will need to configure them with nginx. Below are the steps
|
||||
|
||||
17
docker-compose/aio/sbin/gen_letsencrypt_cert.sh → docker-compose/aio/bin/gen_letsencrypt_cert.sh
Executable file → Normal file
17
docker-compose/aio/sbin/gen_letsencrypt_cert.sh → docker-compose/aio/bin/gen_letsencrypt_cert.sh
Executable file → Normal file
@@ -23,10 +23,17 @@ cd ${SCRIPT_DIR}/../bin
|
||||
|
||||
echo "Triggering certbot to create ssl configs: ${SERVER_NAME}"
|
||||
cd ${SCRIPT_DIR}/..
|
||||
docker-compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d ${SERVER_NAME}
|
||||
docker-compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d ${SERVER_NAME}
|
||||
result=$?
|
||||
|
||||
|
||||
echo "Now reload nginx with new ssl configs for your site : ${SERVER_NAME}"
|
||||
cd ${SCRIPT_DIR}/../conf/nginx/conf.d
|
||||
sed "s,<SERVER_NAME>,${SERVER_NAME},g" ${SCRIPT_DIR}/../nginx/conf-templates/ssl_server_name_conf.template > ${SERVER_NAME}.conf
|
||||
if [[ $result == 1 ]]; then
|
||||
echo "cert generation failed"
|
||||
echo "rolling back the certs and reloading nginx"
|
||||
else
|
||||
echo "Now reload nginx with new ssl configs for your site : ${SERVER_NAME}"
|
||||
cd ${SCRIPT_DIR}/../conf/nginx/conf.d
|
||||
rm -f certbot.conf
|
||||
sed "s,<SERVER_NAME>,${SERVER_NAME},g" ${SCRIPT_DIR}/../nginx/conf-templates/ssl_server_name_conf.template > ${SERVER_NAME}.conf
|
||||
fi
|
||||
rm -rf ${SCRIPT_DIR}/../conf/nginx/conf.d/certbot.conf
|
||||
${SCRIPT_DIR}/../bin/nginx_reload.sh
|
||||
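Review bot: The failure check `if [[ $result == 1 ]]` treats only exit status 1 as a failed certificate request; any other non-zero status from `docker-compose run` (a compose or container start error, for example) falls into the `else` branch, which writes `${SERVER_NAME}.conf` pointing at certificate files that were never issued and then reloads nginx. Testing for any failure, `if [[ $result -ne 0 ]]; then`, closes that gap. `${SERVER_NAME}` is also expanded unquoted into the certbot `-d` argument, the sed replacement and the output filename; it is set outside this hunk, so if it comes from a prompt it should be validated as a hostname and quoted (`-d "${SERVER_NAME}"`, `> "${SERVER_NAME}.conf"`). The file header also records the script going from executable to normal file, which looks unintended given that restart.sh and start.sh gain the executable bit in the same commit.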
2
docker-compose/aio/bin/restart.sh
Normal file → Executable file
2
docker-compose/aio/bin/restart.sh
Normal file → Executable file
@@ -1,5 +1,5 @@
|
||||
#!/bin/bash
|
||||
# docker-compse restart all containers utilty script
|
||||
# docker-compose restart all containers utilty script
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
|
||||
COMPONENT_DIR=${SCRIPT_DIR}/../
|
||||
|
||||
2
docker-compose/aio/bin/start.sh
Normal file → Executable file
2
docker-compose/aio/bin/start.sh
Normal file → Executable file
@@ -1,5 +1,5 @@
|
||||
#!/bin/bash
|
||||
# docker-compse restart all containers utilty script
|
||||
# docker-compose start
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
|
||||
COMPONENT_DIR=${SCRIPT_DIR}/../
|
||||
|
||||
@@ -1,6 +1,4 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80 ;
|
||||
listen 443 default_server ssl;
|
||||
listen [::]:443 ssl ;
|
||||
# chantge server_name while generating cert
|
||||
@@ -14,22 +12,16 @@ server {
|
||||
ssl_certificate /etc/nginx/ssl/live/<SERVER_NAME>/fullchain.pem;
|
||||
ssl_certificate_key /etc/nginx/ssl/live/<SERVER_NAME>/privkey.pem;
|
||||
|
||||
#access_log /var/log/nginx/host.access.log main;
|
||||
location / {
|
||||
include /etc/nginx/mime.types;
|
||||
root /opt/nocohub/nginx/data/<SERVER_NAME>/;
|
||||
index index.html index.htm;
|
||||
auth_basic "Restricted Access";
|
||||
auth_basic_user_file /opt/nocohub/nginx/conf/.htpasswd;
|
||||
}
|
||||
|
||||
location /proxy {
|
||||
proxy_pass http://nocohub-001:8080;
|
||||
proxy_pass http://nocodb_backend;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
auth_basic "Restricted Access";
|
||||
auth_basic_user_file /opt/nocohub/nginx/conf/.htpasswd;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_intercept_errors on;
|
||||
}
|
||||
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
|
||||
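Review bot: `listen 443 default_server ssl;` is part of what looks like the per-domain SSL template (the file header is not rendered here, but the `<SERVER_NAME>` placeholders match the template that gen_letsencrypt_cert.sh copies to `${SERVER_NAME}.conf`), so issuing a certificate for a second domain would leave two server blocks claiming `default_server` on port 443 and nginx would reject the configuration on reload. Dropping the flag from the template, `listen 443 ssl;`, and keeping the default in one static server block avoids that. Separately, `proxy_set_header Connection "upgrade";` is sent on every proxied request rather than only on WebSocket upgrades; the usual form maps `$http_upgrade` to a `$connection_upgrade` variable in the `http` context and uses that variable here. The rendered page has lost the `+`/`-` markers, so I am assuming both lines are on the new side.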
@@ -24,7 +24,7 @@ echo " | Checking if required tools (docker, docker-compose, jq, lsof) are insta
|
||||
for tool in docker docker-compose lsof; do
|
||||
if ! command -v "$tool" &> /dev/null; then
|
||||
echo " | Error: $tool is not installed. Please install it before proceeding."
|
||||
exit 1
|
||||
PRE_REQ=1
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
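Review bot: The loop `for tool in docker docker-compose lsof; do` does not check `jq`, although the progress message quoted in the hunk header lists it among the required tools, so a host without jq passes this check; `for tool in docker docker-compose jq lsof; do` would match the message. The changed line appears to replace `exit 1` with `PRE_REQ=1` so that every missing tool is reported in one run; the code that reads `PRE_REQ` is outside the hunk, so confirm the script still exits non-zero at the end when it is set. The error text would also be better sent to stderr with `>&2`.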
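--- /dev/null
+++ b/docker-compose/aio/sbin/ubuntu-setup.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+echo "install docker and compose"
+sudo apt update
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+sudo chmod a+r /etc/apt/keyrings/docker.gpg
+
+
+sudo apt update
+sudo apt install apt-transport-https ca-certificates curl software-properties-common -y
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+sudo apt update
+apt-cache policy docker-ce
+sudo apt install docker-ce -y
+sudo apt install docker-compose -y
+apt-get install jq -y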
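Review bot: The last line, `apt-get install jq -y`, runs without `sudo` while every other package command in the script uses it, so it fails for the non-root user the rest of the script assumes. The script also has no `set -e`, so a failed key download or `apt update` does not stop the later `apt install` steps, and the Docker signing key is fetched twice into two keyrings although only `/usr/share/keyrings/docker-archive-keyring.gpg` is referenced by `signed-by`. I would add `set -euo pipefail`, keep a single keyring, pass `--yes` to `gpg --dearmor` so a re-run does not stop at the overwrite prompt, and prefix the jq install with `sudo`, as below.

```shell
#!/bin/bash
set -euo pipefail

# … unchanged: echo, apt update, keyring directory …
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg
# … unchanged: chmod on the keyring, apt update, prerequisite packages …
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# … unchanged: apt update, docker-ce and docker-compose install …
sudo apt-get install jq -y
```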